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CLAIMS 

1. A method in an IP network f the network including a switch 
node (5) f at least one DHCP server (4,4a, 4b) and at least 
one subscriber (6) being associated with the node, the 
method including the following steps: 

- creating a list (LI) of trusted ones of the DHCP servers; 

- transmitting by the subscriber (6) a DHCP request message 
(M3) for an IP address; 

- receiving a reply message (M4) , which carries an assigned 
subscriber IP address (IP1); 

- analysing (510,808,(8)) the reply message to be a DHCP 
message and having a source address (IP4) from one of the 
trusted DHCP servers (4); 

- updating (513,812,(10)) a filter (9, TAB1) dynamically in 
the node (5) , the filter storing an identification 
(MAC1, PI, VLAN1) of the subscriber (6) and the assigned 
subscriber IP address (IP1) . 

2. A method in an IP network according to claim 1, the 
method including storing in the filter (9,TAB1) a subscriber 
MAC address (MAC1), a subscriber physical port number (PI), 
a subscriber virtual LAN identity (VLAN1) and a lease time 
interval (Tl) for the assigned subscriber IP address (IP1) - 

3. A method in an IP network according to claim 1, the 
subscriber IP address being statically assigned and handled 
by the DHCP servers (4, 4a, 4b) . 

4. A method in an IP network according to claim 2, the 
method including deleting the subscriber identification 
(MAC1, PI, VLANl) and the corresponding assigned subscriber IP 
address (IP1) from the filter (9,TAB1) when the lease time 
interval (Tl) is out. 
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5. A method in an IP network according to claim 1,-2 or 3, 
the method including: 

- transmitting a frame (FR1) from the subscriber (6) using a 
source IP address (IPX); 

5 - comparing in the filter (9,TAB1) said source IP address 
with the stored subscriber IP address (IP1) ; 

- discarding said frame when said source IP address (IPX) 
differs from the stored subscriber IP address (IPl) . 



10 6. A method in an IP network according to claim 5, the 
method including: 

counting a number of attempts (n) from the subscriber (6A) 
to use an illegitimate IP address; 

comparing (9,01) the number (n) of the attempts with a 
15 threshold number (N) ; 

sending a warning signal (Wl) when the number of attempts 
(n=ll) exceeds a threshold (N-10) criteria. 



1. A device in an IP network, the device (5) including: 

20 - at least one port (P1,P2,P3) for a subscriber (6,6A); 

- an uplink port (PN) for DHCP servers in the network (1); 
and 

a filter device (9) having a list (LI) over trusted ones 
of the DHCP servers (4, 4a, 4b), the filter device (9) being 
25 associated with the ports (P1,P2,P3; PN) , 



wherein 
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- the device (5) is arranged to receive a subscriber IP 
address request message (M3) on the subscriber port (PI) , 
analyse it to be a DHCP message and transmit it on the 
uplink port (PN) ; 

the device (5) is arranged to receive a reply message (M4) 
on the uplink port (PN), analyse it to be a DHCP message 
and to have a source IP address (IP4) from one of the 
trusted DHCP servers on the list (LI) ; and 

- the device (5) is arranged to dynamically update the 
filter (9,TAB1) with an identification of the subscriber 
(6) and a corresponding assigned subscriber IP address 
(IP1) in the reply message (M4) . 



8. A device in an IP network according to claim 7, the 
device being arranged to store in the filter ( 9, TAB1) a 
subscriber MAC address (MAC1) r a subscriber physical port 
number (PI), a subscriber virtual LAN identity (VLAN1) and a 
lease time interval (Tl) for the assigned subscriber IP 
address (IPl) • 



9. A device in an IP network according to claim 7, the 
subscriber IP address being a statically assigned address 
which is handled by the DHCP servers (4, 4a, 4b). 



10. A device in an IP network according to claim 8, the 
device (5) being arranged to delete the subscriber 
identification (MAC1, PI, VLAN1) and the corresponding 
assigned subscriber IP address (IPl) from the filter 
(9,TAB1) when the lease time interval (Tl) is out. 
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11. A device in an IP network according to claim 7, 8 or 9 
being arranged to receive a frame (FRl) with a source IP 
address (IPX) on the subscriber port (P2) , to compare in the 
filter (9,TAB1) said source IP address (IPX) with the stored 
5 subscriber IP address (IPl) and to discard said frame (FRl) 
when said source IP address (IPX) differs from the stored 
subscriber IP address (IPl) . 



12. A device in an IP network according to claim 10, the 
10 filter (9) having a counter (CI) being arranged to count a 
number (n) of discarded frames (FRl) on the subscriber port 
(P2), to compare (9, CI) the number (n) of the discarded 
frames with a threshold number (N) and to send a warning 
signal (Wl) when the number of discarded frames (n=ll) 
15 exceeds a threshold criterion (N=10) . 
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